Patrick McHenryChairman

Washington, April 16, 2024 -

Today, the House Financial Services Subcommittee on National Security, Illicit Finance, and International Financial Institutions, led by Subcommittee Vice Chair Young Kim (CA-40), is holding a hearing entitled “Held for Ransom: How Ransomware Endangers Our Financial System.”

Watch Vice Chair Kim’s opening remarks here.

Read Vice Chair Kim’s opening remarks as prepared for delivery:

“I would like to begin by thanking our witnesses for taking the time to be here today. I am delighted to sit right next to my friend and colleague, Representative Beatty. Additionally, I would like to wish Chairman Luetkemeyer a speedy recovery. 

“Today’s hearing will provide policy makers with essential information on the anatomy of a ransomware attack, a topic we have not discussed holistically since the committee held a hearing on pandemic-related fraud almost four years ago. 

“It is my hope that this hearing will provide a deeper understanding of the inner workings and long-term impacts of one of the leading cyber threats facing our nation today.

“Cyberattacks are carried out against organizations of all sizes, and across every sector, including, but not limited to, financial services, gaming, healthcare, education, and state and local governments.

“We all hear about ransomware. It is a frequent news topic, but the scale of the issue can be lost in the noise.

“In 2023 alone, ransomware attacks hit a record high with over $1 billion extorted from victim organizations.

“The United States, and the world, is quickly learning that no matter how prepared a company may be, or thinks it may be, the threat actors carrying out ransomware attacks have proven that no organization is safe from an attempt to infiltrate their systems. 

“All the cybersecurity preparedness in the world cannot deter an employee from inadvertently providing identification credentials to a cybercriminal. As such, I look forward to learning more about how Congress can create incentives for proper cyber hygiene and training.

“We are pleased to welcome this panel of highly expert witnesses today who will provide insights and advice on ransomware attacks.

“Whether it pertains to cybersecurity resilience, incident response and data recovery efforts, notification processes, policy considerations, or following the money, these witnesses can shed a light on gaps in the efforts to keep America safe from cybercrime—and suggest what Congress can do to address those gaps.

“Just over a month ago, two cities not far from my district, Oakley and Pleasant Hill in California, were the victims of a large ransomware attack, prompting the city of Oakley to declare a state of emergency.

“The technology divisions in these cities dropped everything to work with law enforcement to get incident response and recovery missions underway.

“Ransomware causes lasting real-world impacts for many across the country, as seen with this case in California. 

“Similarly, in February, Change Healthcare—one of the largest healthcare intermediaries between providers, patients, and payers—fell victim to what is being called, “one of the worst ransomware attacks in years.”

“The severity of this attack has forced the healthcare industry to reevaluate and reestablish entire facets of its supply chain efficiencies, payment cycle management, and cybersecurity readiness.

“I think it is fair to say that the ransomware threat is not going away anytime soon.

“As AI continues to grow more sophisticated, cyber criminals will harness these technological advancements to exploit the vulnerabilities of their victims.

“This weekend, Iran attacked Israel, our greatest ally in the Middle East, with drones and missiles launched from Iranian soil. 

“Since Hamas’ barbaric attack against Israel on October 7th, the United States has been aware of Iran’s role as a major funding source for the terrorist organization.

“Additionally, Iran has been facilitating aggressive cyber operations, ransomware included, against the United States and its allies. 

“In February, the Justice Department announced that an Iranian national had been charged for a multi-year hacking campaign targeting U.S. defense contractors and private sector companies.

“It is clear our adversaries overseas will continue to employ cybercrime campaigns as means to hurt our nation. 

“Congress must properly educate itself on the severity of this issue to better protect not only U.S. citizens and businesses, but U.S. national security interests as a whole. 

“I am grateful that the minority party has approached this hearing in a bipartisan fashion. This type of collaborative effort between committee staff and Members on both sides of the aisle is exactly how we must approach a threat of this severity. 

“We all must row in the same direction if we want to undercut the incredibly lucrative ransomware marketplace. 

“So, with that, thank you again to our witnesses for being here today, and I yield back.”

###